Over at Mobile World Congress, a Chinese firm that makes fingerprint readers has shown how it’s possible to dupe a smartphone sensor with a fake finger made from clay.
At its MWC booth, Vkansee is making fake digits from modelling clay, and successfully using them to fool lower-res sensors on phones. As the BBC notes in its report, the fake finger may be a fairly poor copy, but it still does the trick.
Naturally, Vkansee makes a high-resolution fingerprint scanner with a 2000 dpi resolution, four times the traditional res, and at this level it picks up “micro features” of the fingerprint, so it’s very difficult to trick with any fake copy of a print.
So detailed are Vkansee’s fingerprint images that they pick up the presence of sweat pores as an anti-spoofing measure (there’s more to it than this in terms of defeating the fakers, but the company says it would rather not go into details, keeping its cards close to its chest for obvious reasons).
As the Beeb observes, however, the threat of having your fingerprint copied via a model is a pretty remote one. In the MWC experiment, the BBC reporter had to keep his finger in gel for five minutes in order to produce the clay moulded copy.
But still, while biometrics may be the next level of security compared to traditional passwords, this does show that even fingerprint authentication has its limitations – and particularly when it comes to crucial business data, that’s something worth thinking about.
Jason Chaikin, president of Vkansee, also notes that with the spread of mobile payments (not to mention the use of fingerprint authentication in banking) the potential benefits of cracking even the average Joe’s phone sensor are rapidly increasing, and there’s certainly no harm in being vigilant in terms of defending mobile devices.